CIA's 'Lax' Security Led to 2017 Compromise of Its Hacking Tools
Internal CIA report released today shows poor security controls surrounding the intelligence agency's hacking tools.
An internal CIA report found that the majority of the agency's top-secret hacking tools were improperly secured, including the use of shared administrator passwords and a lack of proper control over removable media. The report, released today by Sen. Ron Wyden (D-Ore.), found that it wasn't until the tools were posted on WikiLeaks in 2017 that the agency learned of its data breach.
In a letter today to US Director of National Intelligence John Ratcliffe, Wyden noted that the CIA's lax security surrounding its so-called cyberweapons appears to reflect a systemic problem in the intelligence community.
The redacted CIA report said: "We assess that in spring 2016 a CIA employee stole at least 180 gigabytes to as much as 34 terabytes of information. This is roughly equivalent to 11.6 million to 2.2 billion pages in Microsoft Word. This data loss includes cyber tools that resided on the Center for Cyber Intelligence (CCI) software development network (DevLAN)."
The report goes on to state: "In a press to meet growing and critical mission needs, CCI had prioritized building cyber weapons at the expense of securing their own systems."
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024